9 lines
No EOL
843 B
Text
9 lines
No EOL
843 B
Text
source: https://www.securityfocus.com/bid/7638/info
|
|
|
|
BadBlue is prone to a vulnerability that could allow remote attackers to gain unauthorized access to administrative functions.
|
|
|
|
It is possible to bypass BadBlue security checks when '.hts' files are requested by a remote user. BadBlue restricts access to non-HTML files by replacing the first two letters in the file extension of a requested resource with 'ht'. If the third character of a file extension is 's', then it is possible to trick BadBlue into serving a non-HTML file with an extension of '.hts'. This will bypass other security checks which would normally prevent BadBlue from serving these files to remote users.
|
|
|
|
http://www.example.com/ext.dll?mfcisapicommand=loadpage&page=admin.ats&a0=add&a1=root&a2=%5C
|
|
|
|
This example will reveal the contents of the server's primary volume. |